Enable Full Disk BitLocker Encryption On PCs Without TPM (Updated)

BitLocker in Windows allows you to encrypt your hard drive, but by default it requires hardware with a TPM microchip. If you don’t have TPM-enabled hardware, you can still use it.

BitLocker was first introduced in Windows Vista Ultimate and Enterprise editions as an encryption security feature for your local and portable drives with BitLocker to Go. If you’re serious about keeping the data on your local drive safe, I recommend enabling it – especially on laptops. Here’s how to enable it.

Note: BitLocker encryption is not included in Home or Premium versions of Windows — Pro or Enterprise only. Also, BitLocker in Windows 10 version 1511 (November Update), or higher, now includes the 256-bit XTS-AES encryption mode that provides additional integrity support with an improved algorithm. However, it’s not available on older versions of Windows.

Windows BitLocker Hardware Requirements

For BitLocker to work, you need a PC with a Trusted Platform Module (TPM). According to Microsoft:

A PC with a Trusted Platform Module (TPM), which is a special microchip that supports advanced security features. If your PC was manufactured with TPM version 1.2 or higher, BitLocker will store its key in the TPM.

To turn on BitLocker Drive Encryption on the operating system drive, your PC’s hard disk must:

  • Have at least two partitions: a system partition (which contains the files needed to start your PC and must be at least 100 MB) and an operating system partition (which contains Windows). The operating system partition will be encrypted but the system partition will not, so your PC can start. If your PC doesn’t have two partitions, BitLocker will create them for you. Both partitions must be formatted with the NTFS file system.
  • Have a BIOS (the built-in software that starts the operating system when you turn on your PC) that’s compatible with TPM or supports USB devices during PC startup. If this isn’t the case, you’ll need to update the BIOS before using BitLocker.

If your system meets those requirements, you’ll have no problem enabling BitLocker on your local drive. But your computer might not meet those requirements. Luckily, there’s a workaround, provided you’re not running a Home version of Windows.

Does my PC have TPM?

To find out if your PC has a TPM, open Control Panel, select BitLocker Drive Encryption > TPM Administration.

Then you’ll see if your system has TPM. In this case, my computer doesn’t have it – but it might be possible to enable it in your system’s BIOS. When dealing with a PC’s BIOS, each system varies, so you might need to refer to manufacturer documentation. But what if you don’t have TPM-enabled hardware?

Use BitLocker on Drives Without TPM

If you don’t want to mess with your computer’s BIOS or waste time updating it, there’s an easy way to make BitLocker work without TPM-enabled hardware. Press Windows Key + R, type gpedit.msc, and hit Enter or click OK.

Now navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. Then double-click “Require Additional Authentication at Startup.”

On the next screen, select Enabled. Under Options, check the box “Allow BitLocker Without a Compatible TPM,” click OK, and close Group Policy Editor.

Turn on BitLocker

Now that you have that taken care of, there are a couple of ways to enable BitLocker. Open Computer from the Desktop, right-click on your local drive, and select Turn on BitLocker.

Or, from the Explorer Ribbon, you can turn it on under Drive Tools.

Now it’s just a matter of working through the BitLocker Drive Encryption Wizard.

When you get to this point of the wizard, you need to decide if you want to have a password or use a separate USB flash drive. I recommend using a password since flash drives are easily lost.

Saving BitLocker Recovery Key

Now you need to save your BitLocker Recovery Key in one or more of the ways offered. The key can be used if you forget the password or something goes wrong with your system. The cool thing is it allows you to save in more than one way, including your Microsoft Account.

Important! If you lose it, you’re out of luck for unlocking your drive, so be sure you save it in a safe location or, better yet, multiple locations. Personally, I create a file and save it to my home server and an external hard drive, and I save it to my Microsoft Account too.

Another cool thing you can do with BitLocker is encrypting only the used disk space, making the process much faster on new PCs and drives.

After completing the wizard, you’ll need to restart your computer.

Upon reboot, you’ll need to enter the password you set for BitLocker. You’ll also need to type it in every time you start the PC after the encryption is completed to access your disk.

Log in to your computer, and you’ll see Windows is encrypting your local disk. The amount of time it takes will vary on each system, but you don’t need to keep an eye on it…it’s going to take several hours in most cases. Let it run overnight or all day while you’re at work.
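
The same procedure can be checked and carried out from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it reads the TPM state, confirms the Group Policy setting took effect, enables BitLocker with a startup password on used space only, and saves a recovery password. The drive letter and backup path are assumptions, as is reading the policy from the UseAdvancedStartup and EnableBDEWithNoTPM values under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps for a PC without a TPM.
$drive      = 'C:'                          # assumption: the operating system drive
$backupPath = 'E:\bitlocker-recovery.txt'   # hypothetical path, must NOT be on $drive

# 1. TPM state (what the TPM Administration screen reports)
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent)  ready: $($tpm.TpmReady)"

# 2. Confirm "Require additional authentication at startup" is Enabled with
#    "Allow BitLocker without a compatible TPM" checked.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$noTpmAllowed = $policy -and $policy.UseAdvancedStartup -eq 1 -and $policy.EnableBDEWithNoTPM -eq 1
if (-not $noTpmAllowed) {
    throw 'No-TPM policy is not set. Enable it in gpedit.msc as described above, then rerun.'
}

# 3. Startup password protector. Without a TPM this password is what protects
#    the volume key at boot, so choose a long passphrase.
#    XtsAes256 needs Windows 10 version 1511 or later; use Aes256 on older builds.
$pw = Read-Host -AsSecureString -Prompt 'BitLocker startup password'
Enable-BitLocker -MountPoint $drive -EncryptionMethod XtsAes256 -UsedSpaceOnly `
    -PasswordProtector -Password $pw | Out-Null

# 4. Add a recovery password and store it away from the encrypted drive.
Add-BitLockerKeyProtector -MountPoint $drive -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword'
$recovery | ForEach-Object { "ID $($_.KeyProtectorId)  key $($_.RecoveryPassword)" } |
    Set-Content -Path $backupPath

# 5. Restart to begin encryption, then rerun this line to watch progress.
Get-BitLockerVolume -MountPoint $drive |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, EncryptionMethod, ProtectionStatus
```

Copy the recovery file to a second location before restarting; VolumeStatus reads FullyEncrypted once the process is complete.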
